SEC Publishes More New C&DI On Cybersecurity Rules
On June 24, 2024 the SEC published five (5) new compliance and disclosure interpretations (C&DI) on cybersecurity incident disclosures supplementing the C&DI published in December 2023 (see HERE).
Cybersecurity
In July, 2023 the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE for a review of the new rules).
The cybersecurity rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the company. An Item 1.05 Form 8-K is due within four business days following determination that a cybersecurity incident is material. Given the sensitive nature of cybersecurity crimes, the SEC has added a provision allowing an 8-K to be delayed if it is informed by the United States Attorney General, in writing, that immediate disclosure would pose a substantial risk to national security or
SEC Publishes New C&DI On Cybersecurity Rules
Back in fourth quarter 2023, the SEC published several new compliance and disclosure interpretations on various topics including cyber incident disclosure, proxy and information statements, the inclusion of securities in the filing fee exhibit, and Inline XBRL. As my blog topic list tends to be very long, I am finally getting to this and will cover the various new C&DI topics over the next few weeks.
Cybersecurity
In July, 2023 the SEC adopted final new rules requiring disclosures for both domestic and foreign companies related to cybersecurity incidents, risk management, strategy and governance (see HERE for a review of the new rules). The SEC has published three new C&DI directly related to the Form 8-K reporting requirements and ability to delay reports based on national security concerns.
The cybersecurity rules add new Item 1.05 to Form 8-K requiring disclosure of a material cybersecurity incident including the incident’s nature, scope, timing, and material impact or reasonably likely impact on the